Privacy Policy

Last updated: 29 May 2026

Before going live: replace [COMPANY NAME], [LEGAL ADDRESS], [COMPANY/VAT NUMBER] and [SUPPORT EMAIL] with your real details. If you appoint a Data Protection Officer, add their contact. Have this reviewed by a privacy professional.

1. Who is responsible for your data

The data controller is [COMPANY NAME], [LEGAL ADDRESS], company/VAT number [COMPANY/VAT NUMBER]. For any privacy question, email [SUPPORT EMAIL].

We process personal data in accordance with the EU General Data Protection Regulation (GDPR, Regulation (EU) 2016/679).

2. What data we collect

Order & contact data: name, email address, phone number, shipping and billing address.
Order details: products purchased, amount, currency, order reference, fulfilment and tracking status.
Payment data: handled directly by Stripe. We receive a payment confirmation and limited details (e.g. last 4 digits, status) — we never receive or store your full card number.
Technical data: language preference (stored locally in your browser) and basic, non-identifying server logs.

3. Why we use it and our legal basis

Purpose	Legal basis (GDPR Art. 6)
Process and deliver your order, customer service	Performance of a contract (6(1)(b))
Accounting, tax and legal obligations	Legal obligation (6(1)(c))
Fraud prevention and securing the store	Legitimate interest (6(1)(f))
Marketing emails / non-essential cookies	Consent (6(1)(a)) — only if you opt in

4. Who we share it with (processors)

We share data only with service providers who help us run the store, under data-processing agreements:

Stripe — payment processing
FedEx — shipping and delivery
Shopify — order management / fulfilment
Our hosting provider — running this website

We do not sell your personal data.

5. International transfers

Some providers may process data outside the EU/EEA. Where that happens, transfers are protected by appropriate safeguards such as the European Commission's Standard Contractual Clauses or an adequacy decision.

6. How long we keep it

We keep order and invoice data for as long as required by tax and commercial law (typically up to 10 years, depending on your country). Other data is kept only as long as needed for the purpose it was collected.

7. Your rights

You have the right to access, rectify, erase, restrict or object to processing, to data portability, and to withdraw consent at any time. See our GDPR rights page for details and how to exercise them. You may also lodge a complaint with your national data protection authority.

8. Cookies

See our Cookie Policy for what we store in your browser and how to control it.